I will paste a log of the scan hijackthis did on my computer if anyone can help. I do not know what to delete as i have been having very bad problems with my computer. It looks like my home page has been hijacked as it used to Google, now I cannot get it at all. It just times itself out. I can get some things on my computer when on the internet but if i was to tap in something on my new homepage 9 times out of ten it would not come up. Is there anything i could buy that will help as i have Had my computer scanned for adaware and spyware and it is supposed to be all right. I have also had Pc doctor saying it had 3 problems on it but now I cannot even get PC Doctor.
I wonder if any expert computer person can help me.
thanks for your answer how do I go about formatting, bit clueless with computers. Here is the log any way.
Logfile of HijackThis v1.98.2
Scan saved at 16:30:27, on 26/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\realtime.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Ascentive\ActiveSpeed\AS.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\POPUPB~1\PopupBeGone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Ingenuware\ChessRally 2\ChessRally.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/getContent.jspx?page=services_phone
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=webcache.blueyonder.co.uk:14368
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\PROGRA~1\POPUPB~1\IEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Update Machine] wuid.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ActiveSpeed] C:\Program Files\Ascentive\ActiveSpeed\AS.exe -b
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuid.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Update Machine] wuid.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyhoroscope.net/mdh/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/27d20748d60324422814/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
Originally posted by heldenO16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyhoroscope.net/mdh/install.cab
thanks for your answer how do I go about formatting, bit clueless with computers. Here is the log any way.
Logfile of HijackThis v1.98.2
Scan saved at 16:30:27, on 26/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Inte ...[text shortened]... http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
This may or may not be what's causing your hijacked homepage, but either way it's probably not something that you want. http://sarc.com/avcenter/venc/data/adware.horoscope.html contains some information (as well as instructions for manual removal from the registry - take care if you do this tho!)
Also, if you haven't already done so it may be an idea to get hold of a different anti-spyware/adware/malware etc program than the one you used that said everything was okay. Spy-bot is one such example.
Edit: Ad-aware may be of use: http://www.lavasoft.de/support/download/
Originally posted by heldenHi I am no expert in computers but went through something similar a while back and got sorted out with help from pcpitstop forums-they have a section specifically to post hijack logs- the main site is http://www.pcpitstop.co.uk I managed through their advice to avoid having to reformat or reload windows(it did take a while, lots of different spy and virus scans etc!).
I will paste a log of the scan hijackthis did on my computer if anyone can help. I do not know what to delete as i have been having very bad problems with my computer. It looks like my home page has been hijacked as it used to Google, now I cannot get it at all. It just times itself out. I can get some things on my computer when on the internet but if ...[text shortened]... on it but now I cannot even get PC Doctor.
I wonder if any expert computer person can help me.
Good luck!
Originally posted by helden
I will paste a log of the scan hijackthis did on my computer if anyone can help. I do not know what to delete as i have been having very bad problems with my computer. It looks like my home page has been hijacked as it used to Google, now I cannot get it at all. It just times itself out. I can get some things on my computer when on the internet but if i was to tap in something on my new homepage 9 times out of ten it would not come up. Is there anything i could buy that will help as i have Had my computer scanned for adaware and spyware and it is supposed to be all right. I have also had Pc doctor saying it had 3 problems on it but now I cannot even get PC Doctor.
I wonder if any expert computer person can help me.
In IE (if you're using it) goto tools > Internet Options. Under homepage address, set it to www.google.com. Odds are it is set to a redirection page and as you're not changing it, each time you connect to the net you go to the same page.
You can actually receive viruses, JUST BY BROWSING the net, but there tend to be 'seedy' sites.
If you really want to reinstall Windows 98 or whatever you're using, I recommend backing up all your work to a separate partition (if you have such) formatting your system partition, getting the latest version of McAfee and scanning the remainder of your files. Alternately you can go to Mcaffee's web site and do an online scan, however this takes a long time and probably won't be sufficient to actually remove the virus (if you have one), but atleast you'll know which route to take.
Win XP, Win prof (and some Win98) installation CD's boot from the CD ROM so you don't actually need a boot disk.
If you really need a win 98 boot disk, go to
http://www.putergeek.com/downloads/index.shtml
At the bottom there is a link to
win95b_boot_disk.exe
Good luck.
cheers